Merge branch '7.0.x' into renovate/tomcat
codeconsole authored Nov 22, 2024
2 parents 8c0c699 + e3accd9 commit 297b466
Showing 12 changed files with 145 additions and 77 deletions.
6 changes: 4 additions & 2 deletions .github/workflows/gradle.yml
Expand Up @@ -10,8 +10,8 @@ on:
- '[3-9]+.[3-9]+.x'
workflow_dispatch:
env:
GIT_USER_NAME: puneetbehl
GIT_USER_EMAIL: behlp@unityfoundation.io
GIT_USER_NAME: grails-build
GIT_USER_EMAIL: grails-build@users.noreply.github.com

jobs:
core-tests:
Expand Down Expand Up @@ -70,6 +70,7 @@ jobs:
spring-security-core:build
--refresh-dependencies
-Dgeb.env=chromeHeadless
-x javadoc
- name: Publish Snapshot artifacts to Artifactory (repo.grails.org)
uses: gradle/actions/setup-gradle@v3
Expand All @@ -82,6 +83,7 @@ jobs:
arguments: |
-Dorg.gradle.internal.publish.checksums.insecure=true
spring-security-core:publish
-x javadoc
- name: Generate Snapshot Documentation
if: success()
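Review bot: The `-x javadoc` added after `spring-security-core:publish` has no explanation, and on the publish step it affects what is shipped, not only how long the job runs. If the publication attaches a javadoc jar (not visible in this hunk), that jar would be assembled without the `javadoc` task having run, so snapshot consumers may receive an empty or stale one. Because the arguments sit inside a `|` block scalar, the explanation has to go above the step, e.g. `# javadoc excluded until <reason>; drop -x javadoc once resolved`. The same flag is added to the build step in the `-70,6` hunk and deserves the same comment.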
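--- a/.sdkmanrc
+++ b/.sdkmanrc
@@ -0,0 +1 @@
+java=17.0.12-librca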
15 changes: 15 additions & 0 deletions README.md
Expand Up @@ -13,3 +13,18 @@ See [documentation](https://grails-plugins.github.io/grails-spring-security-core
- `4.0.x` compatible with Grails 4
- `3.3.x` compatible with Grails 3.3.x
- `3.2.x` compatible with Grails 3.2.x

Grails 7 requires disabling any Spring Security Auto Configurations you may have in your classpath. This can be done via annotation or `application.yml`
e.g.
```yml
spring:
autoconfigure:
exclude:
- org.springframework.boot.autoconfigure.security.oauth2.client.servlet.OAuth2ClientAutoConfiguration
- org.springframework.boot.autoconfigure.security.servlet.SecurityFilterAutoConfiguration
- org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration
- org.springframework.boot.actuate.autoconfigure.security.servlet.ManagementWebSecurityAutoConfiguration
- org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientAutoConfiguration
- org.springframework.boot.autoconfigure.security.oauth2.resource.servlet.OAuth2ResourceServerAutoConfiguration
- org.springframework.boot.autoconfigure.security.servlet.UserDetailsServiceAutoConfiguration
```
1 change: 1 addition & 0 deletions buildSrc/build.gradle
Expand Up @@ -4,6 +4,7 @@ repositories {
}

dependencies {
implementation platform("org.grails:grails-bom:7.0.0-SNAPSHOT")
implementation buildsrcLibs.asciidoctorj
implementation buildsrcLibs.asset.pipeline.gradle
implementation buildsrcLibs.grails.gradle.plugin, {
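Review bot: The added `implementation platform("org.grails:grails-bom:7.0.0-SNAPSHOT")` hard-codes a snapshot version as a string literal, while the neighbouring lines take their coordinates from the `buildsrcLibs` catalog. A SNAPSHOT BOM is mutable, so the versions it manages for the build plugins can differ between two runs of the same commit, which makes build-logic resolution hard to reproduce or audit. I would move the version into the catalog alongside the other buildSrc entries and add a comment such as `// TODO: pin to the 7.0.0 release BOM once it is published`. The `dependencies` block continues past the end of this hunk.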
Expand Up @@ -87,15 +87,15 @@ class SpringSecurityUtilsIntegrationSpec extends AbstractIntegrationSpec {
expect:
10 == map.size()
map[Integer.MIN_VALUE + 10] instanceof SecurityRequestHolderFilter
map[300] instanceof SecurityContextPersistenceFilter
map[400] instanceof MutableLogoutFilter
map[800] instanceof GrailsUsernamePasswordAuthenticationFilter
map[1400] instanceof SecurityContextHolderAwareRequestFilter
map[1500] instanceof GrailsRememberMeAuthenticationFilter
map[1600] instanceof GrailsAnonymousAuthenticationFilter
map[1800] instanceof FormContentFilter
map[1900] instanceof ExceptionTranslationFilter
map[2000] instanceof FilterSecurityInterceptor
map[SecurityFilterPosition.SECURITY_CONTEXT_FILTER.order] instanceof SecurityContextPersistenceFilter
map[SecurityFilterPosition.LOGOUT_FILTER.order] instanceof MutableLogoutFilter
map[SecurityFilterPosition.FORM_LOGIN_FILTER.order] instanceof GrailsUsernamePasswordAuthenticationFilter
map[SecurityFilterPosition.SERVLET_API_SUPPORT_FILTER.order] instanceof SecurityContextHolderAwareRequestFilter
map[SecurityFilterPosition.REMEMBER_ME_FILTER.order] instanceof GrailsRememberMeAuthenticationFilter
map[SecurityFilterPosition.ANONYMOUS_FILTER.order] instanceof GrailsAnonymousAuthenticationFilter
map[SecurityFilterPosition.EXCEPTION_TRANSLATION_FILTER.order-10] instanceof FormContentFilter
map[SecurityFilterPosition.EXCEPTION_TRANSLATION_FILTER.order] instanceof ExceptionTranslationFilter
map[SecurityFilterPosition.FILTER_SECURITY_INTERCEPTOR.order] instanceof FilterSecurityInterceptor

when:
SpringSecurityUtils.clientRegisterFilter 'foo', SecurityFilterPosition.LOGOUT_FILTER
Expand Down Expand Up @@ -123,7 +123,7 @@ class SpringSecurityUtilsIntegrationSpec extends AbstractIntegrationSpec {

then:
11 == map.size()
map[410] instanceof DummyFilter
map[SecurityFilterPosition.LOGOUT_FILTER.order + 10] instanceof DummyFilter

when:
def filters = securityFilterChains[0].filters
5 changes: 3 additions & 2 deletions gradle/libs.versions.toml
@@ -1,6 +1,6 @@
[versions]
asset-pipeline = '5.0.1'
commons-lang = '2.6'
commons-text = '1.12.0'
ehcache = '3.10.8'
geb = '7.0'
gorm-hibernate5 = '9.0.0-SNAPSHOT'
Expand All @@ -25,7 +25,7 @@ spring-security = '6.3.3'
tomcat = '10.1.30'

[libraries]
commons-lang = { module = 'commons-lang:commons-lang', version.ref = 'commons-lang' }
commons-text = { module = 'org.apache.commons:commons-text', version.ref = 'commons-text' }
ehcache = { module = 'org.ehcache:ehcache', version.ref = 'ehcache' }
geb-core = { module = 'org.gebish:geb-core', version.ref = 'geb' }
geb-spock = { module = 'org.gebish:geb-spock', version.ref = 'geb' }
Expand Down Expand Up @@ -76,6 +76,7 @@ spring-context-core = { module = 'org.springframework:spring-context', version.r
spring-context-support = { module = 'org.springframework:spring-context-support', version.ref = 'spring' }
spring-expression = { module = 'org.springframework:spring-expression', version.ref = 'spring' }
spring-security-core = { module = 'org.springframework.security:spring-security-core', version.ref = 'spring-security' }
spring-security-config = { module = 'org.springframework.security:spring-security-config', version.ref = 'spring-security' }
spring-security-crypto = { module = 'org.springframework.security:spring-security-crypto', version.ref = 'spring-security' }
spring-security-web = { module = 'org.springframework.security:spring-security-web', version.ref = 'spring-security' }
spring-test = { module = 'org.springframework:spring-test', version.ref = 'spring' }
10 changes: 3 additions & 7 deletions plugin/build.gradle
Expand Up @@ -9,12 +9,6 @@ plugins {

group = 'org.grails.plugins'

configurations {
all {
exclude group: 'javax.servlet'
}
}

dependencies {

api libs.grails.core
Expand All @@ -32,7 +26,7 @@ dependencies {
api libs.spring.security.web
api libs.spring.web

implementation libs.commons.lang
implementation libs.commons.text
implementation libs.ehcache
implementation libs.grails.bootstrap
implementation libs.grails.converters
Expand All @@ -42,6 +36,7 @@ dependencies {
implementation libs.spring.core
implementation libs.spring.security.crypto
implementation libs.spring.tx
compileOnly "jline:jline" // for shell commands

compileOnly libs.groovy.core // Compile-time annotations
compileOnly libs.jakarta.servlet.api // Provided
Expand All @@ -50,6 +45,7 @@ dependencies {
testImplementation libs.bundles.grails.testing.support
testImplementation libs.spock.core
testImplementation libs.spring.test
testImplementation libs.spring.security.config

testRuntimeOnly libs.slf4j.nop // Prevents warnings about missing slf4j implementation during tests
}
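Review bot: `compileOnly "jline:jline" // for shell commands` is the only entry in this block declared as a bare string with no version; every other dependency goes through the `libs` catalog. Its version is therefore decided by whatever platform or dependency management applies to the project, which cannot be seen from this file. Declaring it in `gradle/libs.versions.toml` like the others, or at least extending the comment to name the BOM that supplies the version, would keep the resolved artifact reviewable in one place.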
Expand Up @@ -12,7 +12,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package grails.plugin.springsecurity
package grails.plugin.springsecurity;

/**
* Stores the default order numbers of all Spring Security filters for use in configuration.
Expand All @@ -22,64 +22,100 @@
*
* @author Burt Beckwith
*/
enum SecurityFilterPosition {
/** First */
enum SecurityFilterPosition {

FIRST(Integer.MIN_VALUE),
/** HTTP/HTTPS channel filter */

DISABLE_ENCODE_URL_FILTER,

FORCE_EAGER_SESSION_FILTER,

CHANNEL_FILTER,
/** Concurrent Sessions */
CONCURRENT_SESSION_FILTER,
/** Populates the SecurityContextHolder */

SECURITY_CONTEXT_FILTER,
/** Logout */

CONCURRENT_SESSION_FILTER,

WEB_ASYNC_MANAGER_FILTER,

HEADERS_FILTER,

CORS_FILTER,

SAML2_LOGOUT_REQUEST_FILTER,

SAML2_LOGOUT_RESPONSE_FILTER,

CSRF_FILTER,

SAML2_LOGOUT_FILTER,

LOGOUT_FILTER,
/** x509 certs */

OAUTH2_AUTHORIZATION_REQUEST_FILTER,

SAML2_AUTHENTICATION_REQUEST_FILTER,

X509_FILTER,
/** Pre-auth */

PRE_AUTH_FILTER,
/** CAS */

CAS_FILTER,
/** UsernamePasswordAuthenticationFilter */

OAUTH2_LOGIN_FILTER,

SAML2_AUTHENTICATION_FILTER,

FORM_LOGIN_FILTER,
/** OpenID */
OPENID_FILTER,
/** Not used, generates a dynamic login form */

LOGIN_PAGE_FILTER,
/** Digest auth */

LOGOUT_PAGE_FILTER,

DIGEST_AUTH_FILTER,
/** Basic Auth */

BEARER_TOKEN_AUTH_FILTER,

BASIC_AUTH_FILTER,
/** saved request filter */

REQUEST_CACHE_FILTER,
/** SecurityContextHolderAwareRequestFilter */

SERVLET_API_SUPPORT_FILTER,
/** Remember-me cookie */

JAAS_API_SUPPORT_FILTER,

REMEMBER_ME_FILTER,
/** Anonymous auth */

ANONYMOUS_FILTER,
/** SessionManagementFilter */

OAUTH2_AUTHORIZATION_CODE_GRANT_FILTER,

WELL_KNOWN_CHANGE_PASSWORD_REDIRECT_FILTER,

SESSION_MANAGEMENT_FILTER,
/** Spring FormContentFilter allows www-url-form-encoded content-types to provide params in PUT requests */
FORM_CONTENT_FILTER,
/** ExceptionTranslationFilter */

EXCEPTION_TRANSLATION_FILTER,
/** FilterSecurityInterceptor */

FILTER_SECURITY_INTERCEPTOR,
/** Switch user */

SWITCH_USER_FILTER,
/** Last */
LAST(Integer.MAX_VALUE)

private static final int INTERVAL = 100
LAST(Integer.MAX_VALUE);

private static final int INTERVAL = 100;

/** The position in the chain. */
final int order
private final int order;

private SecurityFilterPosition() {
order = ordinal() * INTERVAL
SecurityFilterPosition() {
this.order = ordinal() * INTERVAL;
}

private SecurityFilterPosition(int filterOrder) {
order = filterOrder
SecurityFilterPosition(int order) {
this.order = order;
}

public int getOrder() {
return this.order;
}

}
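Review bot: Because `order` is still `ordinal() * INTERVAL`, the constants inserted mid-list shift the numeric order of nearly every existing position, and `OPENID_FILTER` and `FORM_CONTENT_FILTER` appear to be dropped. The integration spec in this commit used to assert `map[400]` for the logout filter, so a plugin or application that registers a filter by literal number would now land elsewhere in the security chain without any error. The per-constant Javadoc is gone too; I would restore a one-line comment per constant and state in the class Javadoc that the numeric values follow declaration order and are not stable across releases. If the file is now compiled as Java rather than Groovy, `enum SecurityFilterPosition {` without `public` is package-private, so it is worth confirming that `public enum SecurityFilterPosition {` is not what was intended.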
Expand Up @@ -57,6 +57,7 @@ import grails.plugins.Plugin
import grails.util.Metadata
import groovy.util.logging.Slf4j
import org.grails.web.mime.HttpServletResponseExtension
import org.springframework.boot.autoconfigure.security.SecurityProperties
import org.springframework.boot.web.servlet.FilterRegistrationBean
import org.springframework.boot.web.servlet.ServletListenerRegistrationBean
import org.springframework.cache.jcache.JCacheCacheManager
Expand Down Expand Up @@ -221,17 +222,7 @@ class SpringSecurityCoreGrailsPlugin extends Plugin {
filter = ref('springSecurityFilterChain')
urlPatterns = ['/*']
dispatcherTypes = EnumSet.of(DispatcherType.ERROR, DispatcherType.REQUEST)

// The filter chain has to be after grailsWebRequestFilter, but its order changed
// in 3.1 (from Ordered.HIGHEST_PRECEDENCE + 30 (-2147483618) to
// FilterRegistrationBean.REQUEST_WRAPPER_FILTER_MAX_ORDER + 30 (30))
String grailsVersion = Metadata.current.getGrailsVersion()
if (grailsVersion.startsWith('3.0')) {
order = Ordered.HIGHEST_PRECEDENCE + 100
}
else {
order = 100 // FilterRegistrationBean.REQUEST_WRAPPER_FILTER_MAX_ORDER + 100
}
order = SecurityProperties.DEFAULT_FILTER_ORDER
}

if (conf.useHttpSessionEventPublisher) {
Expand Down Expand Up @@ -673,6 +664,13 @@ to default to 'Annotation'; setting value to 'Annotation'
// build filters here to give dependent plugins a chance to register some
SortedMap<Integer, String> filterNames = ReflectionUtils.findFilterChainNames(conf)
def securityFilterChains = applicationContext.securityFilterChains

// if sitemesh 3 is installed, the filter should be applied a second time
// as part of the security filter chain so that pages are decorated using the security context
if (applicationContext.containsBean('sitemesh')) {
filterNames[SecurityFilterPosition.EXCEPTION_TRANSLATION_FILTER.order - 10] = 'sitemesh'
}

SpringSecurityUtils.buildFilterChains filterNames, conf.filterChain.chainMap ?: [], securityFilterChains, applicationContext
log.trace 'Filter chain: {}', securityFilterChains

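Review bot: The new `filterNames[SecurityFilterPosition.EXCEPTION_TRANSLATION_FILTER.order - 10] = 'sitemesh'` writes to the same order value at which the integration spec in this commit expects `FormContentFilter`. If that entry reaches the chain through `filterNames` (the lookup in `ReflectionUtils.findFilterChainNames` is not visible here), the assignment silently replaces it whenever a `sitemesh` bean exists, and the chain loses a filter without any log line. I would guard the write, e.g. `if (!filterNames.containsKey(pos)) filterNames[pos] = 'sitemesh'` with a `log.warn` in the other branch (`pos` being that order value), or give sitemesh its own offset and name both offsets as constants. The enclosing method starts and ends outside the hunk.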